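/**
 * Validates the access-token and performs the login.
 *
 * The token is read from the request parameter `at` and must have the form
 * `<userID>-<token>`. A malformed value is rejected like a wrong token; it is
 * never passed on to the comparison.
 *
 * @throws	IllegalLinkException	if the parameter is malformed or the token does not match
 */
protected function checkAccessToken() {
	if (!isset($_REQUEST['at'])) {
		return;
	}
	
	// request parameters can arrive as arrays; only a plain string can be a token
	if (!is_string($_REQUEST['at'])) {
		throw new IllegalLinkException();
	}
	
	// split on the first '-' only; a value without '-' used to leave $token unset
	$parts = explode('-', StringUtil::trim($_REQUEST['at']), 2);
	if (count($parts) !== 2 || !ctype_digit($parts[0]) || $parts[1] === '') {
		// an empty token must not reach the comparison, it could equal an unset stored token
		throw new IllegalLinkException();
	}
	list($userID, $token) = $parts;
	
	if (WCF::getUser()->userID) {
		if ($userID == WCF::getUser()->userID && PasswordUtil::secureCompare(WCF::getUser()->accessToken, $token)) {
			// everything is fine, but we are already logged in
			return;
		}
		
		// token is invalid
		throw new IllegalLinkException();
	}
	
	$user = new User($userID);
	
	// an unknown user id or a user without a stored token cannot be authenticated
	if (!$user->userID || (string) $user->accessToken === '' || !PasswordUtil::secureCompare($user->accessToken, $token)) {
		// token is invalid
		throw new IllegalLinkException();
	}
	
	// token is valid -> change user
	// NOTE(review): the token travels in a request parameter and may therefore end up in
	// server logs or referrers - confirm how long a token stays valid
	SessionHandler::getInstance()->changeUser($user, true);
}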
/**
 * Refreshes the last activity time of the current session so that it does not expire.
 */
public function keepAlive() {
	// a session whose last activity equals TIME_NOW was created by this request
	// and needs no refresh
	if (WCF::getSession()->lastActivityTime != TIME_NOW) {
		SessionHandler::getInstance()->keepAlive();
	}
}
/**
 * Refreshes the session's last activity time so that it does not expire and
 * collects updated counters for notifications and 3rd party components.
 *
 * @return	array<mixed>	collected counters; nothing (null) is returned for a session
 *				created by this request
 */
public function keepAlive() {
	$session = WCF::getSession();
	if ($session->lastActivityTime == TIME_NOW) {
		// session was created by this request, nothing to refresh
		return;
	}
	
	// update last activity time
	SessionHandler::getInstance()->keepAlive();
	
	// update notification counts
	$notificationCount = UserNotificationHandler::getInstance()->getNotificationCount(true);
	$this->keepAliveData = array('userNotificationCount' => $notificationCount);
	
	// notify 3rd party components; listeners receive $this and presumably add
	// their own counters to keepAliveData
	EventHandler::getInstance()->fireAction($this, 'keepAlive');
	
	return $this->keepAliveData;
}
/**
 * Runs one batch of the configured faker and restores the acting user afterwards.
 *
 * @see	wcf\system\worker\IWorker::execute()
 */
public function execute() {
	// load fakers autoloader
	require_once WCF_DIR . 'lib/system/api/faker/src/autoload.php';
	
	// NOTE(review): the class name is taken from $this->parameters and instantiated as is;
	// no check is visible here that it names an expected faker class - confirm that the
	// parameters are validated before execute() runs
	$fakerClass = $this->parameters['faker'];
	$generator = \Faker\Factory::create($this->parameters['fakerLocale']);
	$faker = new $fakerClass($generator, $this->parameters);
	
	// remember the acting user so that the session can be handed back after the batch
	$originalUser = WCF::getUser();
	
	// NOTE(review): if fake() throws, neither the commit nor the user restore below is reached
	WCF::getDB()->beginTransaction();
	$position = $this->limit * $this->loopCount;
	$processed = 0;
	while ($position < $this->count && $processed < $this->limit) {
		$faker->fake();
		
		$position++;
		$processed++;
	}
	WCF::getDB()->commitTransaction();
	
	// bind the session to the original user again
	\wcf\system\session\SessionHandler::getInstance()->changeUser($originalUser, true);
}
/**
 * Lets one randomly chosen user ignore another randomly chosen user.
 *
 * The current session is switched to the ignoring user before the action is executed;
 * this method does not switch it back.
 *
 * @see	\wcf\system\faker\IFaker::fake()
 */
public function fake() {
	$userClass = '\\wcf\\data\\user\\User';
	
	// user to be ignored: one row at a random offset of the user table
	$targetOffset = $this->generator->numberBetween(0, $this->userCount - 1);
	$sql = "SELECT\t\tuserID\n\t\t\tFROM\t\twcf" . WCF_N . "_user\n\t\t\tORDER BY\tuserID ASC";
	$statement = WCF::getDB()->prepareStatement($sql, 1, $targetOffset);
	$statement->execute();
	$target = $statement->fetchObject($userClass);
	
	// ignoring user: any other user, the target is excluded by the bound parameter
	if ($this->userCount - 2) {
		$issuerOffset = $this->generator->numberBetween(0, $this->userCount - 2);
	}
	else {
		$issuerOffset = 0;
	}
	$sql = "SELECT\t\tuserID\n\t\t\tFROM\t\twcf" . WCF_N . "_user\n\t\t\tWHERE\t\tuserID <> ?\n\t\t\tORDER BY\tuserID ASC";
	$statement = WCF::getDB()->prepareStatement($sql, 1, $issuerOffset);
	$statement->execute(array($target->userID));
	$issuer = $statement->fetchObject($userClass);
	
	// the action is executed with the session bound to the ignoring user
	\wcf\system\session\SessionHandler::getInstance()->changeUser($issuer, true);
	
	$ignoreAction = new \wcf\data\user\ignore\UserIgnoreAction(array(), 'ignore', array('data' => array('ignoreUserID' => $target->userID)));
	$ignoreAction->executeAction();
}
/**
 * Enables cookie support for the session once the client has sent back the
 * 'cookieHash' cookie carrying the current session id.
 *
 * @see	\wcf\system\session\ACPSessionFactory::init()
 */
protected function init() {
	$cookieName = COOKIE_PREFIX . 'cookieHash';
	
	// NOTE(review): the client-supplied cookie is compared with a loose `==`; it only
	// decides whether cookie support is switched on - confirm no other decision relies on it
	$usesCookies = isset($_COOKIE[$cookieName]) && $_COOKIE[$cookieName] == SessionHandler::getInstance()->sessionID;
	
	if ($usesCookies) {
		// enable cookie support
		SessionHandler::getInstance()->enableCookies();
	}
	else {
		// cookie support will be enabled upon next request
		// NOTE(review): the cookie value is the session id; the cookie flags are set inside
		// HeaderUtil::setCookie() and are not visible here
		HeaderUtil::setCookie('cookieHash', SessionHandler::getInstance()->sessionID);
	}
	
	parent::init();
}
/**
 * Stores the session handler instance and starts the session.
 *
 * @see	wcf\system\SingletonFactory::init()
 */
protected final function init() {
	$handler = SessionHandler::getInstance();
	$this->sessionHandler = $handler;
	
	// initialize session
	$this->initSession();
}
/**
 * Completes a login: binds the current session to the given user, sets the
 * 'cookieHash' cookie and registers the user as current user of the MbqMain environment.
 *
 * No credential check happens in this method; callers are expected to have
 * authenticated the user beforehand.
 *
 * @param	wcf\data\user\User	$oUser
 * @return	boolean			false if no valid user was given, otherwise true
 */
public function doneLogin($oUser) {
	if ($oUser && $oUser->userID) {
		// NOTE(review): whether changeUser() issues a new session id is not visible here;
		// the cookie below carries whatever id the handler reports afterwards - confirm
		WCF::getSession()->changeUser($oUser);
		HeaderUtil::setCookie('cookieHash', SessionHandler::getInstance()->sessionID);
		
		MbqMain::$oMbqAppEnv->oCurrentUser = $oUser;
		$this->initOCurMbqEtUser($oUser->userID);
		
		return true;
	}
	
	return false;
}
/** * @author Marcel Werk * @copyright 2001-2011 WoltLab GmbH * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php> * @package com.woltlab.wcf * @category Community Framework */ // change the priority of the PIP's to "1" $sql = "UPDATE wcf".WCF_N."_package_installation_plugin SET priority = ?"; $statement = WCF::getDB()->prepareStatement($sql); $statement->execute(array(1)); // reset sessions SessionHandler::resetSessions(); // update acp templates $sql = "UPDATE wcf".WCF_N."_acp_template SET packageID = ?"; $statement = WCF::getDB()->prepareStatement($sql); $statement->execute(array(1)); // update language $sql = "UPDATE wcf".WCF_N."_language_item SET packageID = ?"; $statement = WCF::getDB()->prepareStatement($sql); $statement->execute(array(1)); // update installation logs $sql = "UPDATE wcf".WCF_N."_package_installation_file_log
/**
 * Starts the session system: loads the session through a SessionFactory and
 * stores the session handler in the static session object.
 */
protected function initSession() {
	$sessionFactory = new SessionFactory();
	$sessionFactory->load();
	
	// the handler is fetched only after the factory has loaded the session
	self::$sessionObj = SessionHandler::getInstance();
}
/**
 * Initializes the session system by letting the session handler start the session.
 */
protected function init() {
	$sessionHandler = SessionHandler::getInstance();
	$sessionHandler->initSession();
}
/**
 * Resets the cached user group data and group permissions, then resets the sessions.
 *
 * @see	wcf\data\IEditableCachedObject::resetCache()
 */
public static function resetCache() {
	// clear cache
	$groupCache = UserGroupCacheBuilder::getInstance();
	$groupCache->reset();
	$permissionCache = UserGroupPermissionCacheBuilder::getInstance();
	$permissionCache->reset();
	
	// clear sessions; presumably they hold data derived from the group permissions,
	// so a permission change would otherwise not reach existing sessions - confirm
	SessionHandler::resetSessions();
}
/**
 * Resets the sessions; no other cache is cleared by this implementation.
 *
 * @see	\wcf\data\IEditableCachedObject::resetCache()
 */
public static function resetCache() {
	// called without arguments, i.e. not restricted to a list of users
	SessionHandler::resetSessions();
}
/**
 * Merges the selected users into the destination user.
 *
 * Every selected user except the destination is collected in $this->mergedUserIDs. The rows
 * that reference these users are re-assigned to the destination user table by table, then
 * the merged users are deleted, the clipboard is emptied and the sessions of all selected
 * users are reset. The method ends the request after displaying the success page.
 *
 * All user ids are passed as bound parameters; only the table prefix (WCF_N) is concatenated
 * into the SQL text.
 *
 * NOTE(review): no transaction is opened in this method, so a failing statement would leave
 * the merge half applied - confirm whether a caller wraps it.
 * NOTE(review): nothing here guards against an empty $this->mergedUserIDs (all selected ids
 * equal to the destination) - presumably validated before save(), confirm.
 *
 * @see	\wcf\form\IForm::save()
 */
public function save() {
	// everything but the destination user gets merged
	foreach ($this->userIDs as $userID) {
		if ($userID != $this->destinationUserID) {
			$this->mergedUserIDs[] = $userID;
		}
	}
	
	parent::save();
	
	// poll_option_vote
	// UPDATE IGNORE: rows that would collide with an existing row of the destination user
	// are skipped and keep the merged user id
	$conditions = new PreparedStatementConditionBuilder();
	$conditions->add("userID IN (?)", array($this->mergedUserIDs));
	$sql = "UPDATE IGNORE\twcf" . WCF_N . "_poll_option_vote\n\t\t\tSET\t\tuserID = ?\n\t\t\t" . $conditions;
	$statement = WCF::getDB()->prepareStatement($sql);
	// the destination id fills the SET placeholder, the condition parameters follow
	$statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
	
	// comment
	$conditions = new PreparedStatementConditionBuilder();
	$conditions->add("userID IN (?)", array($this->mergedUserIDs));
	$sql = "UPDATE\twcf" . WCF_N . "_comment\n\t\t\tSET\tuserID = ?\n\t\t\t" . $conditions;
	$statement = WCF::getDB()->prepareStatement($sql);
	$statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
	
	// comment_response
	$conditions = new PreparedStatementConditionBuilder();
	$conditions->add("userID IN (?)", array($this->mergedUserIDs));
	$sql = "UPDATE\twcf" . WCF_N . "_comment_response\n\t\t\tSET\tuserID = ?\n\t\t\t" . $conditions;
	$statement = WCF::getDB()->prepareStatement($sql);
	$statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
	
	// profile comments: comments written on the profiles of the merged users move to the
	// destination user's profile (objectID is the profile owner for this object type)
	$objectType = ObjectTypeCache::getInstance()->getObjectTypeByName('com.woltlab.wcf.comment.commentableContent', 'com.woltlab.wcf.user.profileComment');
	$conditions = new PreparedStatementConditionBuilder();
	$conditions->add("objectTypeID = ?", array($objectType->objectTypeID));
	$conditions->add("objectID IN (?)", array($this->mergedUserIDs));
	$sql = "UPDATE\twcf" . WCF_N . "_comment\n\t\t\tSET\tobjectID = ?\n\t\t\t" . $conditions;
	$statement = WCF::getDB()->prepareStatement($sql);
	$statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
	
	// like (userID)
	$conditions = new PreparedStatementConditionBuilder();
	$conditions->add("userID IN (?)", array($this->mergedUserIDs));
	$sql = "UPDATE IGNORE\twcf" . WCF_N . "_like\n\t\t\tSET\t\tuserID = ?\n\t\t\t" . $conditions;
	$statement = WCF::getDB()->prepareStatement($sql);
	$statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
	
	// like (objectUserID)
	$conditions = new PreparedStatementConditionBuilder();
	$conditions->add("objectUserID IN (?)", array($this->mergedUserIDs));
	$sql = "UPDATE\twcf" . WCF_N . "_like\n\t\t\tSET\tobjectUserID = ?\n\t\t\t" . $conditions;
	$statement = WCF::getDB()->prepareStatement($sql);
	$statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
	
	// like_object
	$conditions = new PreparedStatementConditionBuilder();
	$conditions->add("objectUserID IN (?)", array($this->mergedUserIDs));
	$sql = "UPDATE\twcf" . WCF_N . "_like_object\n\t\t\tSET\tobjectUserID = ?\n\t\t\t" . $conditions;
	$statement = WCF::getDB()->prepareStatement($sql);
	$statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
	
	// user_follow (userID)
	// the second condition keeps the destination user from ending up following itself
	$conditions = new PreparedStatementConditionBuilder();
	$conditions->add("userID IN (?)", array($this->mergedUserIDs));
	$conditions->add("followUserID <> ?", array($this->destinationUserID));
	$sql = "UPDATE IGNORE\twcf" . WCF_N . "_user_follow\n\t\t\tSET\t\tuserID = ?\n\t\t\t" . $conditions;
	$statement = WCF::getDB()->prepareStatement($sql);
	$statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
	
	// user_follow (followUserID)
	$conditions = new PreparedStatementConditionBuilder();
	$conditions->add("followUserID IN (?)", array($this->mergedUserIDs));
	$conditions->add("userID <> ?", array($this->destinationUserID));
	$sql = "UPDATE IGNORE\twcf" . WCF_N . "_user_follow\n\t\t\tSET\t\tfollowUserID = ?\n\t\t\t" . $conditions;
	$statement = WCF::getDB()->prepareStatement($sql);
	$statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
	
	// user_ignore (userID)
	// the second condition keeps the destination user from ending up ignoring itself
	$conditions = new PreparedStatementConditionBuilder();
	$conditions->add("userID IN (?)", array($this->mergedUserIDs));
	$conditions->add("ignoreUserID <> ?", array($this->destinationUserID));
	$sql = "UPDATE IGNORE\twcf" . WCF_N . "_user_ignore\n\t\t\tSET\t\tuserID = ?\n\t\t\t" . $conditions;
	$statement = WCF::getDB()->prepareStatement($sql);
	$statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
	
	// user_ignore (ignoreUserID)
	$conditions = new PreparedStatementConditionBuilder();
	$conditions->add("ignoreUserID IN (?)", array($this->mergedUserIDs));
	$conditions->add("userID <> ?", array($this->destinationUserID));
	$sql = "UPDATE IGNORE\twcf" . WCF_N . "_user_ignore\n\t\t\tSET\t\tignoreUserID = ?\n\t\t\t" . $conditions;
	$statement = WCF::getDB()->prepareStatement($sql);
	$statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
	
	// user_object_watch
	$conditions = new PreparedStatementConditionBuilder();
	$conditions->add("userID IN (?)", array($this->mergedUserIDs));
	$sql = "UPDATE IGNORE\twcf" . WCF_N . "_user_object_watch\n\t\t\tSET\t\tuserID = ?\n\t\t\t" . $conditions;
	$statement = WCF::getDB()->prepareStatement($sql);
	$statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
	
	// user_activity_event
	$conditions = new PreparedStatementConditionBuilder();
	$conditions->add("userID IN (?)", array($this->mergedUserIDs));
	$sql = "UPDATE\twcf" . WCF_N . "_user_activity_event\n\t\t\tSET\tuserID = ?\n\t\t\t" . $conditions;
	$statement = WCF::getDB()->prepareStatement($sql);
	$statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
	
	// attachments
	$conditions = new PreparedStatementConditionBuilder();
	$conditions->add("userID IN (?)", array($this->mergedUserIDs));
	$sql = "UPDATE\twcf" . WCF_N . "_attachment\n\t\t\tSET\tuserID = ?\n\t\t\t" . $conditions;
	$statement = WCF::getDB()->prepareStatement($sql);
	$statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
	
	// modification_log
	// NOTE(review): this rewrites the acting user recorded in existing log rows; confirm
	// that attributing past entries to the destination user is intended
	$conditions = new PreparedStatementConditionBuilder();
	$conditions->add("userID IN (?)", array($this->mergedUserIDs));
	$sql = "UPDATE\twcf" . WCF_N . "_modification_log\n\t\t\tSET\tuserID = ?\n\t\t\t" . $conditions;
	$statement = WCF::getDB()->prepareStatement($sql);
	$statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
	
	// delete merged users
	// rows skipped by the UPDATE IGNORE statements above still point to these users;
	// presumably they are removed together with the user - confirm
	$action = new UserAction($this->mergedUserIDs, 'delete');
	$action->executeAction();
	
	// reset clipboard
	ClipboardHandler::getInstance()->removeItems($this->objectTypeID);
	// reset the sessions of all selected users, the destination user included
	SessionHandler::resetSessions($this->userIDs);
	
	$this->saved();
	
	// show success message
	WCF::getTPL()->assign('message', 'wcf.global.success');
	WCF::getTPL()->display('success');
	// the request ends here, nothing after save() is executed
	exit;
}
/**
 * Removes the cached group files from the cache directory and resets the sessions.
 *
 * @see	wcf\data\IEditableCachedObject::resetCache()
 */
public static function resetCache() {
	// clear cache
	$cacheDirectory = WCF_DIR . 'cache';
	CacheHandler::getInstance()->clear($cacheDirectory, 'cache.groups*.php');
	
	// clear sessions; called without arguments, i.e. not restricted to a list of users
	SessionHandler::resetSessions();
}
/**
 * Registers with wcf setup delivered packages in the package installation queue.
 *
 * Steps, in order: read the package archives listed in the setup tar, register the
 * com.woltlab.wcf package and all other packages as a chain of queue entries, bind the
 * setup session to the user with id 1, try to delete the setup files from the working
 * directory and display the 'stepInstallPackages' template.
 *
 * @throws	SystemException		if the com.woltlab.wcf package is missing or a delivered
 *					archive cannot be opened
 */
protected function installPackages() {
	// init database connection
	$this->initDB();
	
	// get admin account
	// user id 1 is treated as the administrator throughout this method
	$admin = new User(1);
	
	// get delivered packages
	$wcfPackageFile = '';
	$otherPackages = array();
	$tar = new Tar(SETUP_FILE);
	foreach ($tar->getContentList() as $file) {
		if ($file['type'] != 'folder' && mb_strpos($file['filename'], 'install/packages/') === 0) {
			// basename() keeps only the last path component, so directory parts of an
			// archive entry name never reach the TMP_DIR paths built below
			$packageFile = basename($file['filename']);
			
			// ignore any files which aren't an archive
			if (preg_match('~\\.(tar\\.gz|tgz|tar)$~', $packageFile)) {
				$packageName = preg_replace('!\\.(tar\\.gz|tgz|tar)$!', '', $packageFile);
				
				if ($packageName == 'com.woltlab.wcf') {
					$wcfPackageFile = $packageFile;
				} else {
					// decompression is skipped when the document root contains 'strato'
					$isStrato = !empty($_SERVER['DOCUMENT_ROOT']) && strpos($_SERVER['DOCUMENT_ROOT'], 'strato') !== false;
					if (!$isStrato && preg_match('!\\.(tar\\.gz|tgz)$!', $packageFile)) {
						// try to unzip zipped package files
						if (FileUtil::uncompressFile(TMP_DIR . 'install/packages/' . $packageFile, TMP_DIR . 'install/packages/' . $packageName . '.tar')) {
							// the compressed original is removed; a failed unlink is silenced by @
							@unlink(TMP_DIR . 'install/packages/' . $packageFile);
							$packageFile = $packageName . '.tar';
						}
					}
					
					$otherPackages[$packageName] = $packageFile;
				}
			}
		}
	}
	$tar->close();
	
	// register packages in queue
	// get new process id
	$sql = "SELECT\tMAX(processNo) AS processNo\n\t\t\tFROM\twcf" . WCF_N . "_package_installation_queue";
	$statement = self::getDB()->prepareStatement($sql);
	$statement->execute();
	$result = $statement->fetchArray();
	$processNo = intval($result['processNo']) + 1;
	
	// search existing wcf package
	$sql = "SELECT\tCOUNT(*) AS count\n\t\t\tFROM\twcf" . WCF_N . "_package\n\t\t\tWHERE\tpackage = 'com.woltlab.wcf'";
	$statement = self::getDB()->prepareStatement($sql);
	$statement->execute();
	$row = $statement->fetchArray();
	// NOTE(review): $queue is assigned only inside this branch; if a com.woltlab.wcf row
	// already exists, the first $queue->queueID below reads an undefined variable -
	// confirm that this path cannot occur during setup
	if (!$row['count']) {
		if (empty($wcfPackageFile)) {
			throw new SystemException('the essential package com.woltlab.wcf is missing.');
		}
		
		// register essential wcf package
		$queue = PackageInstallationQueueEditor::create(array('processNo' => $processNo, 'userID' => $admin->userID, 'package' => 'com.woltlab.wcf', 'packageName' => 'WoltLab Community Framework', 'archive' => TMP_DIR . 'install/packages/' . $wcfPackageFile, 'isApplication' => 1));
	}
	
	// register all other delivered packages
	asort($otherPackages);
	foreach ($otherPackages as $packageName => $packageFile) {
		// extract packageName from archive's package.xml
		$archive = new PackageArchive(TMP_DIR . 'install/packages/' . $packageFile);
		try {
			$archive->openArchive();
		} catch (\Exception $e) {
			// we've encountered a broken archive, revert everything and then fail
			$sql = "SELECT\tqueueID, parentQueueID\n\t\t\t\t\tFROM\twcf" . WCF_N . "_package_installation_queue";
			$statement = WCF::getDB()->prepareStatement($sql);
			$statement->execute();
			$queues = array();
			while ($row = $statement->fetchArray()) {
				$queues[$row['queueID']] = $row['parentQueueID'];
			}
			
			// walk from the most recent queue entry up its chain of parents
			$queueIDs = array();
			$queueID = $queue->queueID;
			while ($queueID) {
				$queueIDs[] = $queueID;
				$queueID = isset($queues[$queueID]) ? $queues[$queueID] : 0;
			}
			
			// remove previously created queues
			if (!empty($queueIDs)) {
				$sql = "DELETE FROM\twcf" . WCF_N . "_package_installation_queue\n\t\t\t\t\t\tWHERE\t\tqueueID = ?";
				$statement = WCF::getDB()->prepareStatement($sql);
				WCF::getDB()->beginTransaction();
				foreach ($queueIDs as $queueID) {
					$statement->execute(array($queueID));
				}
				WCF::getDB()->commitTransaction();
			}
			
			// remove package files
			@unlink(TMP_DIR . 'install/packages/' . $wcfPackageFile);
			foreach ($otherPackages as $packageFile) {
				@unlink(TMP_DIR . 'install/packages/' . $packageFile);
			}
			
			// throw exception again
			// the original exception is passed along as the previous exception
			throw new SystemException('', 0, '', $e);
		}
		
		// each entry is chained to the one created before it via parentQueueID
		$queue = PackageInstallationQueueEditor::create(array('parentQueueID' => $queue->queueID, 'processNo' => $processNo, 'userID' => $admin->userID, 'package' => $packageName, 'packageName' => $archive->getLocalizedPackageInfo('packageName'), 'archive' => TMP_DIR . 'install/packages/' . $packageFile, 'isApplication' => 1));
	}
	
	// login as admin
	// the session is bound to the admin account without a credential check; this is the
	// setup flow, so the request reaching this step is what gets trusted
	$factory = new ACPSessionFactory();
	$factory->load();
	
	SessionHandler::getInstance()->changeUser($admin);
	// NOTE(review): presumably marks the master password as already confirmed for this
	// session - confirm where the 'masterPassword' session variable is read
	SessionHandler::getInstance()->register('masterPassword', 1);
	SessionHandler::getInstance()->register('__wcfSetup_developerMode', self::$developerMode);
	SessionHandler::getInstance()->update();
	
	// the setup files are deleted from the working directory; failures are silenced by @
	// and only the results for install.php and WCFSetup.tar.gz are handed to the template,
	// the result for test.php is discarded
	$installPhpDeleted = @unlink('./install.php');
	@unlink('./test.php');
	$wcfSetupTarDeleted = @unlink('./WCFSetup.tar.gz');
	
	// print page
	WCF::getTPL()->assign(array('installPhpDeleted' => $installPhpDeleted, 'wcfSetupTarDeleted' => $wcfSetupTarDeleted));
	WCF::getTPL()->display('stepInstallPackages');
	
	// delete tmp files
	// removes entries of TMP_DIR whose name ends in .tar or .tar.gz
	$directory = TMP_DIR . '/';
	DirectoryUtil::getInstance($directory)->removePattern(new Regex('\\.tar(\\.gz)?$'), true);
}
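/**
 * Adds the selected users to the selected groups.
 *
 * The permission check runs for all selected users before any of them is modified, so a
 * denied user no longer leaves the users in front of it already changed.
 *
 * NOTE(review): the check covers the groups the users currently belong to; whether the
 * groups to be assigned ($this->groupIDs) are checked as well is not visible in this
 * method - confirm in the form's validation.
 * NOTE(review): a selected user without any row in the group table has no entry in
 * $groups; this case is not handled here - confirm that every user has a group.
 *
 * @see	wcf\form\IForm::save()
 * @throws	PermissionDeniedException	if one of the selected users belongs to a group
 *						that is not accessible
 */
public function save() {
	parent::save();
	
	// read the current group memberships of all selected users; the ids are bound parameters
	$conditions = new PreparedStatementConditionBuilder();
	$conditions->add("userID IN (?)", array($this->userIDs));
	
	$sql = "SELECT\tuserID, groupID\n\t\t\tFROM\twcf" . WCF_N . "_user_to_group\n\t\t\t" . $conditions;
	$statement = WCF::getDB()->prepareStatement($sql);
	$statement->execute($conditions->getParameters());
	
	$groups = array();
	while ($row = $statement->fetchArray()) {
		$groups[$row['userID']][] = $row['groupID'];
	}
	
	// authorize the whole selection first, nothing has been written at this point
	foreach ($this->users as $user) {
		if (!UserGroup::isAccessibleGroup($groups[$user->userID])) {
			throw new PermissionDeniedException();
		}
	}
	
	// every user passed the check, apply the new memberships
	foreach ($this->users as $user) {
		$groupsIDs = array_unique(array_merge($groups[$user->userID], $this->groupIDs));
		
		$userEditor = new UserEditor($user);
		$userEditor->addToGroups($groupsIDs, true, false);
	}
	
	ClipboardHandler::getInstance()->removeItems($this->typeID);
	// reset the sessions of the changed users; presumably this makes the new group
	// memberships take effect for sessions that already exist - confirm
	SessionHandler::resetSessions($this->userIDs);
	
	$this->saved();
	
	WCF::getTPL()->assign('message', 'wcf.acp.user.assignToGroup.success');
	WCF::getTPL()->display('success');
	// the request ends here
	exit;
}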